Shodan
Vulnerabilities
Vulnerable Software
Humhub:  Security Vulnerabilities
CVE-2019-9094
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-03-21
CVE-2016-1229
Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
5.4
EPSS Score
0.003
Published
2016-06-05
CVE-2014-9528
SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks via a request that causes an error.
CVSS Score
7.5
EPSS Score
0.024
Published
2015-01-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved